Technical Analyst, Support Services
This is a constant debate in some circles. Many execs and managers leave their company’s cybersecurity vulnerable to threats because they don’t want to spend money or chew up their budgets on IT. In a sense I get that. ‘Didn’t we upgrade that 2 years ago?’ or ‘Why do I need this?’ are common questions in offices and boardrooms. Let’s face it…technology is constantly evolving. The moment you purchase the new iPhone means that you are six months away from rumors about the next iPhone which is even better. The latest and greatest software from one vendor is the flavor this month, but next year something new will come out from a different player and it will have features that today’s product doesn’t have. When does it end? It doesn’t. This is the cycle. There’s no wonder that some see IT as a cost center. There is an expectation to spend a certain amount each year to modernize or shore up. Where’s the benefit? Oftentimes, the benefits are in what you don’t see. Just as often, organizations learn the value the hard way, through lost productivity or stolen data.
Those of us in IT know the value add that we provide. Critical systems need to be optimized and hardened, modern technologies should be leveraged, and key infrastructure spends should be made in order to make your business function efficiently, and more importantly, to protect your data and users. This is true now, more than ever. Cyber security is more important than ever and the ramifications of not being prepared are everywhere. HBO is being blackmailed under the threat of leaking a vast amount of internal data such as executive email addresses, personal phone numbers for cast members of various shows, and even worse, who may be the next to die on Game of Thrones!
Was this theft of information a direct result of a decision to not spend enough on IT? Maybe. Maybe not. It could have simply been bad luck. Perhaps stakeholders believed that their infrastructure was secure. This doesn’t let them off the hook, however. Regardless of why it happened, it happened. New vulnerabilities are popping up all the time. The security landscape is ever-evolving. IT departments should constantly be on guard. Complacency can be dangerous. The value add in technology can be realized through refining processes, tightening security, and ensuring that you aren’t resting on your laurels.
We can’t simply point the finger at HBO though. They aren’t the only organization to be compromised in the last few years. This is becoming a trend. Simply ‘Google’ data breaches and you will see a plethora of companies which have lost user records and/or intellectual property. Bank robbers and jewel thieves have been partially replaced by people with computers looking to market data that doesn’t belong to them. Data can be converted to currency in the modern world. Every organization, regardless of size, should be concerned about this. As a result, IT should no longer be seen as a cost center. As I referenced in the first paragraph, some of the value in IT spend may not jump out at you. Not being breached is an example of that ‘less visible’ value add. Purchasing a security system for your home can be viewed only as an expense unless you find out that it actually deterred a break in. What about insurance products? We pay for car insurance, home insurance, travel insurance, and life insurance…hoping to never actually need it. Again, you may only see the benefit when you need to repair your car or home, or require special care or medications. When you really think about it, these costs have real value.
Once you stop looking at IT as a cost center and think of it more in terms of a security system or insurance, you may get the true value of what technology spend offers: safety, security, and peace of mind. It may be the best money you’ve ever spent. Contact Bulletproof to achieve security cost-effectiveness and reduce your company’s cybersecurity risk.